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AMENDMENTS TO THE CLAIMS 

1 . (Currently Amended) A method for requesting a service-specific traffic encryption key 
from a subscriber station to a base station in a data communication system, the method 
comprising: 

(a) determining a service type for a traffic encryption key to be used for security on a 
traffic connection to the base station prior to establishing the traffic connection with the base 
station, wherein the traffic encryption key is used to encrypt traffic data to be transferred through 
a data traffic between the subscriber station and the base station, and the service type represents a 
type of the data traffic and is one of a unicast service, a multicast service, and a broadcast 
service; 

(b) generating a Key Request message for requesting a traffic encryption key 
corresponding to the determined service type prior to establishing the traffic connection with the 
base station, wherein the Key Request message includes the determined service type; 

(c) sending the generated Key Request message to the base station using a media access 
control (MAC) message prior to establishing the traffic connection with the base station ; and 

(d) receiving a Key Reply message including the traffic encryption key corresponding to 
the determined service type from the base station prior to establishing the traffic connection with 
the base station . 

2-3. (Cancelled) 

4. (Previously Presented) The method as claimed in claim 1 , wherein when the service 
type is a multicast service, the parameter of the Key Request message includes an ID containing 
an identifier of a multicast service group for a subscriber. 

5. (Previously Presented) The method as claimed in claim 1 , wherein the step (c) includes 



-2- 



Application No.: 10/582.440 
Docket No.: 1403-6 PCT US (OPP20061 I42US) 



sending the Key Request message using a PKM-REQ (Privacy Key Management-Request) that is 
one of MAC messages of the IEEE 802.16 standard protocol. 

6. (Currently Amended) A method for generating and distributing a service-specific 
traffic encryption key from a base station to a subscriber station in a data communication system, 
the method comprising: 

(a) receiving a Key Request message from the subscriber station requesting the service- 
specific traffic encryption ke y prior to establishing a traffic connection with the base station , 
wherein the service-specific traffic encryption key is used to encrypt traffic data to be transferred 
through a data traffic between the subscriber station and the base station, and the Key Request 
message includes a service type representing a type of the data traffic and being one of a unicast 
service, a multicast service, and a broadcast service; 

(b) analyzing the Key Request message to extract the service type prior to establishing the 
traffic connection with the base station : 

(c) generating a traffic encryption key according to the extracted service type prior to 
establishing the traffic connection with the base station : and 

(d) generating a Key Reply message including the generated traffic encryption key and 
sending the generated Key Reply message to the subscriber station using a MAC message prior 
to establishing the traffic connection with the base station . 

7. (Previously Presented) The method as claimed in claim 6, wherein the base station 
analyzes the parameter to determine the service type. 

8. (Previously Presented) The method as claimed in claim 6, wherein the step (c) 
includes: in the case that generation of the traffic encryption key for the subscriber station is a 
failure due to the determined service type, the base station generating a Key Reject message 
including an error code indicating a reason of the failure and sending the generated Key Reject 
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message to the subscriber station using a MAC message. 

9. (Original) The method as claimed in claim 8, wherein the base station enters 
"unsupported service type" on the error code and sends the error code to the subscriber station in 
the case that the traffic encryption key for a service type corresponding to a traffic encryption key 
request of the subscriber station cannot be generated and distributed. 

10. (Cancelled) 

1 1 . (Previously Presented) The method as claimed in claim 6, wherein the base station 
enters "unauthorized multicast service group ID" on the error code and sends the error code to the 
subscriber station in the case that the service type for the traffic encryption key requested by the 
subscriber station is a multicast service and defined as unsupported multicast service for the 
specific multicast service group ID, because the SS is not authorized for the specific multicast 
service group by the base station. 

12. (Original) The method as claimed in claim 8, wherein the Key Reply message and the 
Key Reject message are sent using a PKM-RSP (Privacy Key Management-Response) message 
that is one of MAC messages of the IEEE 802.16 standard protocol. 

13. (Currently Amended) A protocol configuration method for generating and distributing 
a service specific traffic encryption key to be used for security on a traffic connection between a 
base station and a subscriber station in a data communication system, the protocol configuration 
method comprising: 

(a) the subscriber station sending a Key Request message for requesting a service-specific 
traffic encryption key to the base station using a MAC message prior to establishing the traffic 
connection with the base station , wherein the service-specific traffic encryption key is used to 
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encrypt traffic data to be transferred through a data traffic between the subscriber station and the 
base station, and the Key Request message includes a service type representing a type of the data 
traffic and being one of a unicast service, a multicast service, and a broadcast service; and 

(b) the base station analyzing the Key Request message received from the subscriber 
station, generating the requested service-specific traffic encryption key, and sending a Key Reply 
message including the generated service-specific traffic encryption key to the subscriber station 
using a MAC message prior to establishing the traffic connection with the base station . 

wherein the generated service-specific traffic encryption key is generated corresponding 
to the service type included in the Key Request message. 

14. (Original) The protocol configuration method as claimed in claim 13, wherein the 
step (a) comprises: 

sending the Key Request message using a PKM-REQ message that is one of MAC 
messages of the IEEE 802.16 standard. 

15. (Original) The protocol configuration method as claimed in claim 13, wherein the 
step (b) comprises: 

sending a Key Reject message including an error code recording a reason of a failure to 
the subscriber station using a MAC message in the case that generation of the service-specific 
encryption key is failed. 

16. (Original) The protocol configuration method as claimed in claim 15, wherein the 
step (b) comprises: 

sending the Key Reply message and the Key Reject message using a PKM-RSP message 
that is one of MAC messages of the IEEE 802.16 standard protocol. 

17. (Currently Amended) An apparatus wirelessly connected to a base station in a data 
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communication system so as to request a service-specific traffic encryption key from the base 
station, the apparatus comprising: 

a Key Request message generator for generating a Key Request message for requesting 
the service-specific traffic encryption key from the base station prior to establishing a traffic 
connection with the base station , wherein the service-specific traffic encryption key is used to 
encrypt traffic data to be transferred through a data traffic between the apparatus and the base 
station, and the Key Request message includes a service type representing a type of the data 
traffic and being one of a unicast service, a multicast service, and a broadcast service; 

a Key Request message sender for sending the Key Request message of the Key Request 
message generator to the base station using a MAC messag e prior to establishing the traffic 
connection with the base station : 

a Key Reply/Reject message receiver for receiving a Key Reply message or a Key Reject 
message from the base station using a MAC message prior to establishing the traffic connection 
with the base station , wherein the Key Reply message includes the traffic encryption key 
corresponding to the service type included in the Key Request message; 

a message analyzer for analyzing the Key Reply message or the Key Reject message from 
the Key Reply/Reject message receiver to extract the traffic encryption key from the Key Reply 
message, or analyze an error type from the Key Reject message prior to establishing the traffic 
connection with the base station : and 

a key request controller for controlling operations of the Key Request message generator, 
the Key Request message sender, the Key Reply/Reject message receiver, and the message 
analyzer, and requesting the base station to allocate the service-specific traffic encryption key and 
process the traffic encryption key according to the requested key allocation or an error code 
generated upon occurrence of an error as received from the base station prior to establishing the 
traffic connection with the base station . 

18. (Previously Presented) The apparatus as claimed in claim 1 7, wherein the Key 
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Request message further comprises a multicast service group ID of the subscriber station when 
the service type is a multicast service. 

19. (Original) The apparatus as claimed in claim 17, further comprising: 

a memory for storing information including the traffic encryption key or the error code 
resulted from an analysis of the message analyzer under the control of the key request controller. 

20. (Currently Amended) An apparatus provided to a base station for generating and 
distributing a service-specific traffic encryption key in a data communication system, the 
apparatus comprising: 

a Key Request message receiver receiving a Key Request message requesting the service- 
specific traffic encryption key from a subscriber station using a MAC message prior to 
establishing a traffic connection with the base station , wherein the service-specific traffic 
encryption key is used to encrypt traffic data to be transferred through a data traffic between the 
subscriber station and the base station, and the Key Request message includes a service type 
representing a type of the data traffic and being one of a unicast service, a multicast service, and 
a broadcast service; 

a message analyzer analyzing the Key Request message of the Key Request message 
receiver to extract information including a service type in the Key Request messag e prior to 
establishing the traffic connection with the base station : 

a subscriber discriminator determining whether a traffic encryption key can be allows to a 
requested service type wording to the Key Request message prior to establishing the traffic 
connection with the base station : 

a traffic encryption key generator generating a service-specific traffic encryption key 
corresponding to the service type extracted by the message analyze r prior to establishing the 
traffic connection with the base station; 

a Key Reply message sender generating a Key Reply message including the traffic 
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encryption key generated by the traffic encryption key generator according to the requested 
service type from the subscriber station, and sending the generated Key Reply message to the 
subscriber station using a MAC message prior to establishing the traffic connection with the base 
station : and 

a key generation and distribution controller for controlling operations of the Key Request 
message receiver, the message analyzer, the subscriber discriminator, the traffic encryption key 
generator, and the Key Reply message sender to generate and distribute a corresponding service- 
specific traffic encryption key according to a request for service-specific traffic encryption key 
refreshment from the subscriber station prior to establishing the traffic connection with the base 
station . 

21. (Original) The apparatus as claimed in claim 20, further comprising: 

a Key Reject message sender for sending a Key Reject message including an error code to 
the subscriber station using a MAC message under the control of the key generation and 
distribution controller in the case that the traffic encryption key generator generates an error for 
the request of the subscriber station. 

22. (Original) The apparatus as claimed in claim 20, further comprising: 

a memory for storing information including an analysis result of the message analyzer and 
a discrimination result of the subscriber discriminator under the control of the key generation and 
distribution controller. 



